[Koha] HTML not being encoded for display?
g_adams27 at hotmail.com
Thu Mar 6 12:35:00 NZDT 2008
(Koha 3.0 alpha, Gentoo Linux 2.6.24, MySQL 5.0.54)
In tracking down some problems I was having, I've realized that it seems Koha doesn't do any HTML encoding with regard to MARC entry or biblio display.
For example, in the "Add a MARC Record" section, I can enter in a title (tag 245c) of the following:
My Book is <font size="+5">Great</font>
Sure enough, when the completed MARC record is submitted, the additem.pl page will show the title with the word "Great" really big. Once added to the catalog, it will show up in the search engines with that word really big as well.
Surely everything entered by users and librarians in the OPAC and Intranet sites should be HTML-encoded if it's going to be redisplayed, right? Did I miss some setting in the Administration menus that would disallow HTML from being entered in a form, or is this a fairly big bug?
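
The difference the message asks about, as an added example that is not part of the original post and is not Koha code: the same stored subfield values rendered without and with HTML encoding at display time. Python stands in for the display layer, and the function names and the second subfield value are assumptions made for illustration.

```python
import html

# Constructed sample: subfield values exactly as typed into the MARC editor.
# The 245$c value is the one quoted in the message above.
RECORD = {
    "245c": 'My Book is <font size="+5">Great</font>',
    "260b": 'Smith & Sons "Press"',  # constructed value containing & and quotes
}


def render_unencoded(record):
    """Behaviour the message describes: stored text is pasted into the page as-is."""
    return "".join(
        f'<td title="{value}">{value}</td>' for value in record.values()
    )


def render_encoded(record):
    """Encode at output time; the stored record itself stays unchanged."""
    cells = []
    for value in record.values():
        # quote=True also encodes " and ', which matters inside attribute values.
        safe = html.escape(value, quote=True)
        cells.append(f'<td title="{safe}">{safe}</td>')
    return "".join(cells)


def round_trips(record):
    """A browser decoding the entities shows the text the librarian typed."""
    return all(
        html.unescape(html.escape(value, quote=True)) == value
        for value in record.values()
    )


if __name__ == "__main__":
    print(render_unencoded(RECORD))  # markup from the record reaches the page
    print(render_encoded(RECORD))    # markup is shown as literal text
```

Encoding on output rather than on input keeps the catalogue data intact for exports and other non-HTML uses.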